Paul et al.,
Thanks for your clarifications. I believe I understand what you mean now.
- Your AMPR firewall/gateway blocks ALL non-AMPRNet traffic by default (Good! I didn't
understand, because I drop ALL traffic by default, lol)
- You only see increased hits at the IPENCAP tunnel's WAN-facing side because you
block the traffic prior to forwarding - and this traffic is coming from AMPRGW's
Public IP (i.e. Internet traffic)
I don't need a list of IPs particularly; but your information helped me find a search
target. I have Netflow and SNMP records of my WAN and AMPR interfaces. I can see if any of
my 44 IPs have been hit identically.
Looking at Netflow traffic by total flows: Traffic increased at about 01:00 UTC on
Wednesday, 4 November. It subsided approximately 05:00 UTC on Sunday, 8 November. The
increased traffic is primarily TCP. I can send a screenshot to you and Albert. Obviously,
I can search the IPs in the block if anyone is curious - or needs to confirm anything.
- KB3VWG